{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Web Server 2.1 for\nRHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.1.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes.\n\nAll users of Red Hat JBoss Web Server 2.1.0 on Red Hat Enterprise Linux 6\nare advised to upgrade to Red Hat JBoss Web Server 2.1.1. The JBoss server\nprocess must be restarted for this update to take effect.\n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. A remote attacker could\npossibly use this flaw to redirect HTTP requests performed by a CGI script\nto an attacker-controlled proxy via a malicious HTTP request.\n(CVE-2016-5387)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and\nCVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110.\nUpstream acknowledges Guido Vranken as the original reporter of\nCVE-2016-2105 and CVE-2016-2106.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:1649",
        "url": "https://access.redhat.com/errata/RHSA-2016:1649"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html",
        "url": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/",
        "url": "https://access.redhat.com/site/documentation/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
        "url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/httpoxy",
        "url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
      },
      {
        "category": "external",
        "summary": "1326320",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326320"
      },
      {
        "category": "external",
        "summary": "1331441",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331441"
      },
      {
        "category": "external",
        "summary": "1331536",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331536"
      },
      {
        "category": "external",
        "summary": "1337155",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337155"
      },
      {
        "category": "external",
        "summary": "1337396",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337396"
      },
      {
        "category": "external",
        "summary": "1338646",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1338646"
      },
      {
        "category": "external",
        "summary": "1353755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353755"
      },
      {
        "category": "external",
        "summary": "1358118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358118"
      },
      {
        "category": "external",
        "summary": "1366541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1366541"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1649.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.1 security update on RHEL 6",
    "tracking": {
      "current_release_date": "2026-06-28T12:27:42+00:00",
      "generator": {
        "date": "2026-06-28T12:27:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.2.6"
        }
      },
      "id": "RHSA-2016:1649",
      "initial_release_date": "2016-08-22T18:07:30+00:00",
      "revision_history": [
        {
          "date": "2016-08-22T18:07:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-08-22T18:07:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-28T12:27:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
                  "product_id": "6Server-JBEWS-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
                "product": {
                  "name": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
                  "product_id": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-runtime@1-3.jbcs.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-0:1-3.jbcs.el6.noarch",
                "product": {
                  "name": "jbcs-httpd24-0:1-3.jbcs.el6.noarch",
                  "product_id": "jbcs-httpd24-0:1-3.jbcs.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24@1-3.jbcs.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
                "product": {
                  "name": "mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
                  "product_id": "mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_cluster-tomcat6@1.2.13-1.Final_redhat_1.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
                "product": {
                  "name": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
                  "product_id": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_cluster@1.2.13-1.Final_redhat_1.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
                "product": {
                  "name": "mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
                  "product_id": "mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.2.13-1.Final_redhat_1.1.ep6.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-4.jbcs.el6?arch=i686&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-4.jbcs.el6?arch=i686&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-4.jbcs.el6?arch=i686&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-4.jbcs.el6?arch=i686&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-4.jbcs.el6?arch=i686&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-4.jbcs.el6?arch=i686&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-4.jbcs.el6?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-4.jbcs.el6?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-4.jbcs.el6?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-4.jbcs.el6?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-4.jbcs.el6?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-4.jbcs.el6?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
                "product": {
                  "name": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
                  "product_id": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-3.Final_redhat_2.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
                "product": {
                  "name": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
                  "product_id": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-3.Final_redhat_2.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
                "product": {
                  "name": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
                  "product_id": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.41-2.redhat_3.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
                "product": {
                  "name": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
                  "product_id": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.41-2.redhat_3.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
                "product": {
                  "name": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
                  "product_id": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_jk-manual@1.2.41-2.redhat_3.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
                "product": {
                  "name": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
                  "product_id": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native@1.1.34-5.redhat_1.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
                "product": {
                  "name": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
                  "product_id": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.34-5.redhat_1.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
                "product": {
                  "name": "mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
                  "product_id": "mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-54.ep6.el6?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-0:2.2.26-54.ep6.el6.x86_64",
                "product": {
                  "name": "httpd-0:2.2.26-54.ep6.el6.x86_64",
                  "product_id": "httpd-0:2.2.26-54.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.2.26-54.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
                "product": {
                  "name": "httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
                  "product_id": "httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-54.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
                "product": {
                  "name": "httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
                  "product_id": "httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-54.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
                "product": {
                  "name": "httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
                  "product_id": "httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-54.ep6.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
                "product": {
                  "name": "httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
                  "product_id": "httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-54.ep6.el6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-4.jbcs.el6?arch=src&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
                "product": {
                  "name": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
                  "product_id": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_cluster@1.2.13-1.Final_redhat_1.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
                "product": {
                  "name": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
                  "product_id": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-3.Final_redhat_2.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
                "product": {
                  "name": "mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
                  "product_id": "mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_jk@1.2.41-2.redhat_3.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
                "product": {
                  "name": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
                  "product_id": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native@1.1.34-5.redhat_1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-0:2.2.26-54.ep6.el6.src",
                "product": {
                  "name": "httpd-0:2.2.26-54.ep6.el6.src",
                  "product_id": "httpd-0:2.2.26-54.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.2.26-54.ep6.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
                "product": {
                  "name": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
                  "product_id": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-3.Final_redhat_2.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
                "product": {
                  "name": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
                  "product_id": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-3.Final_redhat_2.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
                "product": {
                  "name": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
                  "product_id": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.41-2.redhat_3.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
                "product": {
                  "name": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
                  "product_id": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.41-2.redhat_3.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
                "product": {
                  "name": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
                  "product_id": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_jk-manual@1.2.41-2.redhat_3.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
                "product": {
                  "name": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
                  "product_id": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.34-5.redhat_1.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
                "product": {
                  "name": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
                  "product_id": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native@1.1.34-5.redhat_1.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-1:2.2.26-54.ep6.el6.i386",
                "product": {
                  "name": "mod_ssl-1:2.2.26-54.ep6.el6.i386",
                  "product_id": "mod_ssl-1:2.2.26-54.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-54.ep6.el6?arch=i386&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-manual-0:2.2.26-54.ep6.el6.i386",
                "product": {
                  "name": "httpd-manual-0:2.2.26-54.ep6.el6.i386",
                  "product_id": "httpd-manual-0:2.2.26-54.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-54.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
                "product": {
                  "name": "httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
                  "product_id": "httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-54.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-devel-0:2.2.26-54.ep6.el6.i386",
                "product": {
                  "name": "httpd-devel-0:2.2.26-54.ep6.el6.i386",
                  "product_id": "httpd-devel-0:2.2.26-54.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-54.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-0:2.2.26-54.ep6.el6.i386",
                "product": {
                  "name": "httpd-0:2.2.26-54.ep6.el6.i386",
                  "product_id": "httpd-0:2.2.26-54.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.2.26-54.ep6.el6?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-0:2.2.26-54.ep6.el6.i386",
                "product": {
                  "name": "httpd-tools-0:2.2.26-54.ep6.el6.i386",
                  "product_id": "httpd-tools-0:2.2.26-54.ep6.el6.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-54.ep6.el6?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.2.26-54.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386"
        },
        "product_reference": "httpd-0:2.2.26-54.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.2.26-54.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src"
        },
        "product_reference": "httpd-0:2.2.26-54.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.2.26-54.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64"
        },
        "product_reference": "httpd-0:2.2.26-54.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debuginfo-0:2.2.26-54.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386"
        },
        "product_reference": "httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64"
        },
        "product_reference": "httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-devel-0:2.2.26-54.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386"
        },
        "product_reference": "httpd-devel-0:2.2.26-54.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-devel-0:2.2.26-54.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64"
        },
        "product_reference": "httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-manual-0:2.2.26-54.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386"
        },
        "product_reference": "httpd-manual-0:2.2.26-54.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-manual-0:2.2.26-54.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64"
        },
        "product_reference": "httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-0:2.2.26-54.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386"
        },
        "product_reference": "httpd-tools-0:2.2.26-54.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-0:2.2.26-54.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64"
        },
        "product_reference": "httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-0:1-3.jbcs.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch"
        },
        "product_reference": "jbcs-httpd24-0:1-3.jbcs.el6.noarch",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch"
        },
        "product_reference": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch"
        },
        "product_reference": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src"
        },
        "product_reference": "mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386"
        },
        "product_reference": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src"
        },
        "product_reference": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64"
        },
        "product_reference": "mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386"
        },
        "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64"
        },
        "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch"
        },
        "product_reference": "mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch"
        },
        "product_reference": "mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src"
        },
        "product_reference": "mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386"
        },
        "product_reference": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64"
        },
        "product_reference": "mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386"
        },
        "product_reference": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64"
        },
        "product_reference": "mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386"
        },
        "product_reference": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64"
        },
        "product_reference": "mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-1:2.2.26-54.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386"
        },
        "product_reference": "mod_ssl-1:2.2.26-54.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-1:2.2.26-54.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64"
        },
        "product_reference": "mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386"
        },
        "product_reference": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src"
        },
        "product_reference": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
        },
        "product_reference": "tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386"
        },
        "product_reference": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
        "relates_to_product_reference": "6Server-JBEWS-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
          "product_id": "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
        },
        "product_reference": "tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
        "relates_to_product_reference": "6Server-JBEWS-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the OpenSSL project"
          ]
        },
        {
          "names": [
            "Guido Vranken"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2016-2105",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2016-04-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1331441"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: EVP_EncodeUpdate overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
          "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
          "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
          "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
          "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-2105"
        },
        {
          "category": "external",
          "summary": "RHBZ#1331441",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331441"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2105"
        },
        {
          "category": "external",
          "summary": "https://openssl.org/news/secadv/20160503.txt",
          "url": "https://openssl.org/news/secadv/20160503.txt"
        }
      ],
      "release_date": "2016-05-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-08-22T18:07:30+00:00",
          "details": "Before applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically.\n\nRefer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a \nlist of non security related fixes.",
          "product_ids": [
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1649"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: EVP_EncodeUpdate overflow"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the OpenSSL project"
          ]
        },
        {
          "names": [
            "Guido Vranken"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2016-2106",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2016-04-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1331536"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: EVP_EncryptUpdate overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
          "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
          "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
          "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
          "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-2106"
        },
        {
          "category": "external",
          "summary": "RHBZ#1331536",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331536"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2106",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2106"
        },
        {
          "category": "external",
          "summary": "https://openssl.org/news/secadv/20160503.txt",
          "url": "https://openssl.org/news/secadv/20160503.txt"
        }
      ],
      "release_date": "2016-05-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-08-22T18:07:30+00:00",
          "details": "Before applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically.\n\nRefer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a \nlist of non security related fixes.",
          "product_ids": [
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1649"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: EVP_EncryptUpdate overflow"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Michal Karm Babacek"
          ]
        }
      ],
      "cve": "CVE-2016-3110",
      "discovery_date": "2016-04-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1326320"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_cluster: remotely Segfault Apache http server",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
          "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
          "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
          "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
          "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3110"
        },
        {
          "category": "external",
          "summary": "RHBZ#1326320",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326320"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3110",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3110"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3110",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3110"
        }
      ],
      "release_date": "2016-08-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-08-22T18:07:30+00:00",
          "details": "Before applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically.\n\nRefer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a \nlist of non security related fixes.",
          "product_ids": [
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1649"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.7,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_cluster: remotely Segfault Apache http server"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Scott Geary"
          ],
          "organization": "VendHQ"
        }
      ],
      "cve": "CVE-2016-5387",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2016-07-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1353755"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTPD: sets environmental variable based on user supplied Proxy request header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
          "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
          "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
          "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
          "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
          "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
          "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
          "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
          "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
          "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
          "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
          "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
          "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5387"
        },
        {
          "category": "external",
          "summary": "RHBZ#1353755",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353755"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5387",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5387"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/httpoxy",
          "url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
        },
        {
          "category": "external",
          "summary": "https://httpoxy.org/",
          "url": "https://httpoxy.org/"
        },
        {
          "category": "external",
          "summary": "https://www.apache.org/security/asf-httpoxy-response.txt",
          "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
        }
      ],
      "release_date": "2016-07-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-08-22T18:07:30+00:00",
          "details": "Before applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically.\n\nRefer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a \nlist of non security related fixes.",
          "product_ids": [
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1649"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.src",
            "6Server-JBEWS-2:httpd-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-devel-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-manual-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:httpd-tools-0:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.src",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.i686",
            "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-4.jbcs.el6.x86_64",
            "6Server-JBEWS-2:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.src",
            "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.i386",
            "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-3.Final_redhat_2.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.13-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEWS-2:mod_jk-0:1.2.41-2.redhat_3.ep6.el6.src",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-ap22-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.i386",
            "6Server-JBEWS-2:mod_jk-manual-0:1.2.41-2.redhat_3.ep6.el6.x86_64",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.i386",
            "6Server-JBEWS-2:mod_ssl-1:2.2.26-54.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.src",
            "6Server-JBEWS-2:tomcat-native-0:1.1.34-5.redhat_1.ep6.el6.x86_64",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.i386",
            "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.34-5.redhat_1.ep6.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTPD: sets environmental variable based on user supplied Proxy request header"
    }
  ]
}